The FBI this week added to its list of most wanted cybercriminals a former San Diego college student who developed an $89 program called "Loverspy" or "Email PI." Sold online from his apartment, the program would send the suspected cheater an electronic greeting card that, if opened, would install malicious software that could capture emails and instant messages, even spy on someone using the victim's own webcam.

This image provided by the FBI shows the wanted poster for Carlos Enrique Perez-Melara. Among five individuals added this week to the FBI’s list of “most wanted” cybercriminals is Perez-Melara, a former San Diego college student who developed an $89 program dubbed "Loverspy" and "Email PI." Sold online from his apartment, the program was billed as a way to "catch a cheating lover" by sending the person an electronic greeting card that, if opened, would install malware that could capture emails and instant messages, even spy on the person through their webcam. (AP Photo/FBI)
The Associated Press

This image provided by the FBI shows the wanted poster for Carlos Enrique Perez-Melara. Among five individuals added this week to the FBI’s list of “most wanted” cybercriminals is Perez-Melara, a former San Diego college student who developed an $89 program dubbed "Loverspy" and "Email PI." Sold online from his apartment, the program was billed as a way to "catch a cheating lover" by sending the person an electronic greeting card that, if opened, would install malware that could capture emails and instant messages, even spy on the person through their webcam. (AP Photo/FBI)

Carlos Enrique Perez-Melara, 33, has eluded authorities since his July 2005 indictment. His last known whereabouts were in El Salvador, where he was born.

"These are sophisticated folks who know how to hide themselves on the Internet," John Brown, a section chief with the FBI who oversees operations in the agency's cyber division, said of Perez-Melara and creators of other "hacking-for-hire" services.

Terry Reed, a supervisory special agent with the FBI’s San Diego office, said Perez-Melara was a student at City College in San Diego when he started selling the Loverspy program in 2003. He was in the United States on a student visa for approximately four years.

According to the federal indictment, Perez-Melara lived at an apartment on J Street near Island Avenue in downtown San Diego.

Some information collected by the program was hosted on servers located in San Diego, Reed said.

“It was very invasive,” Reed said, adding that the Loverspy program was an “egregious betrayal of trust” for each of the victims who were targeted.

“Look at the privacy that was lost,” Reed said.

Reed said in recent years, cyber-threats have become one of the FBI’s top investigative priorities.

In one case earlier this year, a New York police detective was arrested for spending more than $4,000 on hacking services to obtain the emails of more than a dozen of his colleagues. Many of the operators tend to be based overseas.

The case of Perez-Melara, 33, is noteworthy because he appears to have made relatively little money on the scheme, unlike others on the FBI list who were accused of bilking millions of dollars from businesses and Internet users worldwide. But Perez-Melara, a native of El Salvador who was in the United States on a student visa in 2003 when he sold the spyware, allegedly helped turn average computer users into sophisticated hackers who could stalk their victims.

Loverspy was designed "with stealth in mind, claiming that it would be impossible to detect by 99.9 percent of users," according to a July 2005 federal indictment of Perez-Melara.

Brown said Perez-Melara was added to the FBI most wanted list in part because the former college student has been so difficult to find. The government is now offering a $50,000 reward for information leading to his arrest.

According to his indictment, Perez-Melara sold the software to 1,000 customers, who then tried to infect about 2,000 others. Victims took the bait only about half the time, the government said. People who purchased the spyware were charged with illegally intercepting electronic communications. Most of those cases appear to have resulted in probation and fines.